The nightly news presented some startling facts about HIT and patient privacy in prime time. To someone who is an HIT advocate, the news was disheartening. You may have seen the report; “Are your medical records really confidential”. I cringed as I thought about the millions of Americans sitting on their couch thinking about the security of their own personal information. I also thought about the thousands of Americans that are working so hard to educate, train and implement HIT in health care systems across this country.
The report simply stated that medical information is being stolen and sold to the highest bidder on the web. In the past, I always pictured these hackers (like you see in the movies) tapping into the HIE and stealing confidential information. This report did not mention that kind of hacker. They reported that the culprits ( new generation hackers) are within the medical practices; employees (could be employers in some cases) who download the info and sell to sources for illegal trade. This raises the question who would want this information? The report points to stake holders of the medical system; vendors and businesses that can use this medical data to target specific customers and optimize their sells by customizing their marketing and advertising schemes.
For those of you who work so hard to build a viable industry, this is a slap in the face. The health care system that is so adamant about the adoption of HIT, is cannibalizing its own efforts. If there was not demand for this information, then there would not be any need to steal. The guilty employees and stakeholders must not understand how this undermines everything that they work (or steal) for. It is amazing that with all of this technology it is still a people issue. We always say that the technology is a tool which can be used in multiple ways and for good or bad purposes. However, it is apparent that without the new technology these thieves would not be enabled to pursue this opportunity. Every innovation gets its own SWOT analysis and so does HIT unfortunately.
I could spend more time talking about this but I think I will go contemplate what this means. I hope you will too. Let’s think about the implications of these actions and how do we rebuild the confidence of the public. What additional measures do we need to put in place? It seems to me that this is not really a technical issue at this point. Does the privacy and security need to be more focused on the people who are working with the technology than the technology itself? Do we need security cameras and lie detectors within practices and hospitals which will add more expense to the cost of EHR? I hope not.
I’m baffled, and I hope you are too.